@l0rd
Last active February 22, 2021 10:03
Scripts to provision Che on minikube
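#!/bin/bash
# Tear down the local Che installation and the minikube profile hosting it.
#
# Destructive: chectl runs with --skip-deletion-check and --delete-namespace,
# so the Che namespace is removed without a confirmation prompt, and the
# minikube profile is stopped and deleted afterwards.
set -o nounset
set -o errexit
export CHE_SERVER_NAMESPACE=workspaces-server
export MINIKUBE_PROFILE=minikube

# Switch to context minikube. With errexit a failed switch aborts the script
# before any deletion is attempted.
kubectx "${MINIKUBE_PROFILE}"

# Defence in depth: chectl acts on whatever context is current, so confirm
# the switch really landed on the minikube context before deleting anything.
current_context="$(kubectl config current-context)"
if [[ "${current_context}" != "${MINIKUBE_PROFILE}" ]]; then
  echo "refusing to delete: current context is '${current_context}', expected '${MINIKUBE_PROFILE}'" >&2
  exit 1
fi

# Delete Che (namespace included, no interactive check).
chectl server:delete --telemetry=on --skip-deletion-check --delete-namespace -n "${CHE_SERVER_NAMESPACE}"

# Stop minikube
minikube stop -p "${MINIKUBE_PROFILE}"

# Delete minikube
minikube delete -p "${MINIKUBE_PROFILE}"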
#!/bin/bash
# Provision Eclipse Che on a local minikube cluster with mkcert certificates.
# Abort on unset variables and on any failing command.
set -eu

# Kubernetes object names.
CHE_SERVER_NAMESPACE='workspaces-server'
CHE_CLUSTER='eclipse-che'
MINIKUBE_PROFILE='minikube'
TLS_SECRET='che-custom-tls'
CA_BUNDLE='che-trusted-ca-bundle'

# mkcert root CA certificate (public part) at its macOS location.
# NOTE(review): mkcert keeps the CA private key (rootCA-key.pem) in the same
# folder; only the certificate should ever be copied into the cluster.
CA_CERT_PATH=~/"Library/Application Support/mkcert/rootCA.pem"

# The CheCluster patch file lives in the folder the script was started from.
CURRENT_FOLDER="${PWD}"
CHE_OPERATOR_PATCH="${CURRENT_FOLDER}/checluster-patch.yaml"

# Start from an empty patch file (created if missing, truncated otherwise).
: > "${CHE_OPERATOR_PATCH}"

# Workspace engine, overridable from the environment.
CHE_WORKSPACE_ENGINE="${CHE_WORKSPACE_ENGINE:-che-server}"
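#######################################
# Verify the host is macOS and that every required CLI is on PATH.
# Globals:   OSTYPE (read)
# Outputs:   an install hint on stderr for the first missing prerequisite
# Returns:   exits the script with status 1 on the first failed check
#######################################
prereq_check() {
  # Each check exits from a brace group in the current shell. The previous
  # form exited from a subshell and only stopped the script because errexit
  # was enabled by the caller.
  [[ "$OSTYPE" == "darwin"* ]] || { echo "this script is for macOS only" >&2; exit 1; }
  command -v brew &> /dev/null || { echo "Command brew is not in PATH. To install homebrew visit https://docs.brew.sh/Installation" >&2; exit 1; }
  command -v minikube &> /dev/null || { echo "Command minikube is not in PATH. To install minikube run \"brew install minikube\"" >&2; exit 1; }
  command -v kubectl &> /dev/null || { echo "Command kubectl is not in PATH. To install kubectl run \"brew install kubectl\"" >&2; exit 1; }
  command -v mkcert &> /dev/null || { echo "Command mkcert is not in PATH. To install mkcert run \"brew install mkcert\"" >&2; exit 1; }
  command -v kubens &> /dev/null || { echo "Command kubens is not in PATH. To install kubens run \"brew install kubens\"" >&2; exit 1; }
  # The provisioning functions call kubectx, so check for it explicitly.
  command -v kubectx &> /dev/null || { echo "Command kubectx is not in PATH. To install kubectx run \"brew install kubectx\"" >&2; exit 1; }
  # NOTE(review): the chectl hint pipes a downloaded installer straight into
  # bash; download and read the installer before running it.
  command -v chectl &> /dev/null || { echo "Command chectl is not in PATH. To install chectl run \"bash <(curl -sL https://www.eclipse.org/che/chectl/) --channel=next\"" >&2; exit 1; }
}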
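#######################################
# Upgrade minikube, start the profile and issue a wildcard certificate
# for its <ip>.nip.io domain with mkcert.
# Globals:   MINIKUBE_PROFILE (read), MINIKUBE_DOMAIN (written)
# Outputs:   certificate and key files under ~/minikube-certs
# Returns:   non-zero if any step fails
#######################################
provision_minikube() {
  # Update minikube
  brew upgrade minikube

  # Create and start a brand new minikube instance
  minikube start --memory=8192 --vm=true \
    --cpus=4 \
    -p "${MINIKUBE_PROFILE}" \
    --addons=ingress

  # Generate Che certificates (for minikube).
  # nip.io is a public wildcard DNS service (<ip>.nip.io resolves to <ip>),
  # so hostname resolution for the cluster depends on a third party.
  MINIKUBE_DOMAIN="$(minikube -p "${MINIKUBE_PROFILE}" ip).nip.io"

  # The folder holds the wildcard private key: keep it readable by the
  # owner only.
  mkdir -p ~/minikube-certs
  chmod 700 ~/minikube-certs

  # Run mkcert in a subshell so the caller's working directory is left
  # untouched, including when mkcert fails.
  (cd ~/minikube-certs && mkcert "*.${MINIKUBE_DOMAIN}")
}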
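#######################################
# Make the ingress-nginx controller serve the mkcert wildcard certificate
# (with the mkcert root CA appended) as its default certificate, and write
# a CheCluster patch that sets an empty tlsSecretName.
# Globals:   MINIKUBE_PROFILE, CA_CERT_PATH, CHE_OPERATOR_PATCH (read),
#            MINIKUBE_DOMAIN (read, written when unset)
# Outputs:   ~/minikube-certs/_wildcard.<domain>.pem.patched, the mkcert-tls
#            secret in kube-system, and the CheCluster patch file
# Returns:   non-zero if any step fails
#######################################
patch_nginx_to_use_trusted_cert() {
  local cert_dir
  local cert_base

  kubectx "${MINIKUBE_PROFILE}"
  MINIKUBE_DOMAIN="${MINIKUBE_DOMAIN:-$(minikube -p "${MINIKUBE_PROFILE}" ip).nip.io}"
  cert_dir=~/minikube-certs
  cert_base="${cert_dir}/_wildcard.${MINIKUBE_DOMAIN}"

  # Chain file: wildcard certificate followed by the mkcert root CA.
  cat "${cert_base}.pem" "${CA_CERT_PATH}" > "${cert_base}.pem.patched"

  # The wildcard private key is stored in a secret in kube-system; anything
  # allowed to read secrets in that namespace can read the key.
  kubectl create secret tls mkcert-tls \
    --namespace kube-system \
    --key "${cert_base}-key.pem" \
    --cert "${cert_base}.pem.patched"

  # Append the default-certificate argument to the controller container.
  kubectl patch --namespace kube-system \
    deployment ingress-nginx-controller \
    --type=json -p='[{"op": "add",
"path": "/spec/template/spec/containers/0/args/-",
"value": "--default-ssl-certificate=kube-system/mkcert-tls" }]'

  # tlsSecretName lives under spec.k8s (see the /spec/k8s/tlsSecretName
  # patches elsewhere in this script), so it has to be nested below k8s;
  # with both keys at the same indent the field would sit directly under
  # spec.
  # NOTE(review): presumably the empty value makes Che rely on the ingress
  # default certificate; confirm against the CheCluster reference.
  printf '%s\n' \
    'spec:' \
    '  k8s:' \
    "    tlsSecretName: ''" > "${CHE_OPERATOR_PATCH}"
}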
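#######################################
# Store the mkcert wildcard certificate and key as a TLS secret in the Che
# namespace and point the CheCluster at it.
# Globals:   MINIKUBE_PROFILE, CHE_SERVER_NAMESPACE, TLS_SECRET,
#            CHE_CLUSTER (read), MINIKUBE_DOMAIN (read, written when unset)
# Returns:   non-zero if any step fails
#######################################
create_custom_che_tls_secret() {
  local cert_dir
  local cert_base

  kubectx "${MINIKUBE_PROFILE}"

  # Create the namespace only when it is missing, so that a real failure of
  # "kubectl create" is no longer hidden behind "|| true".
  kubectl get namespace "${CHE_SERVER_NAMESPACE}" > /dev/null 2>&1 \
    || kubectl create namespace "${CHE_SERVER_NAMESPACE}"

  MINIKUBE_DOMAIN="${MINIKUBE_DOMAIN:-$(minikube -p "${MINIKUBE_PROFILE}" ip).nip.io}"
  cert_dir=~/minikube-certs
  cert_base="${cert_dir}/_wildcard.${MINIKUBE_DOMAIN}"

  # Create the TLS secret. A missing secret is tolerated; any other delete
  # error now stops the script instead of being swallowed.
  kubectl delete secret "${TLS_SECRET}" \
    --namespace "${CHE_SERVER_NAMESPACE}" \
    --ignore-not-found
  kubectl create secret tls "${TLS_SECRET}" \
    --namespace "${CHE_SERVER_NAMESPACE}" \
    --key "${cert_base}-key.pem" \
    --cert "${cert_base}.pem"

  # kubectl patch checluster "${CHE_CLUSTER}" -p "{\"spec\": {\"k8s\": {\"tlsSecretName\": \"${TLS_SECRET}\"}}}"
  # Both CheCluster fields are replaced with the name of the secret above.
  kubectl patch checluster "${CHE_CLUSTER}" --type='json' \
    --namespace "${CHE_SERVER_NAMESPACE}" \
    -p="[{\"op\": \"replace\", \"path\": \"/spec/k8s/tlsSecretName\", \"value\": \"${TLS_SECRET}\"}]"
  kubectl patch checluster "${CHE_CLUSTER}" --type='json' \
    --namespace "${CHE_SERVER_NAMESPACE}" \
    -p="[{\"op\": \"replace\", \"path\": \"/spec/server/cheHostTLSSecret\", \"value\": \"${TLS_SECRET}\"}]"
}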
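#######################################
# Create and label the configmap holding the certificates Che should trust:
# the mkcert root CA and the wildcard certificate.
# Globals:   MINIKUBE_PROFILE, CHE_SERVER_NAMESPACE, CA_BUNDLE,
#            CA_CERT_PATH (read), MINIKUBE_DOMAIN (read, written when unset)
# Returns:   non-zero if any step fails
#######################################
create_che_ca_bundle_cm() {
  local cert_dir

  kubectx "${MINIKUBE_PROFILE}"

  # Create the namespace only when it is missing, so that a real failure of
  # "kubectl create" is no longer hidden behind "|| true".
  kubectl get namespace "${CHE_SERVER_NAMESPACE}" > /dev/null 2>&1 \
    || kubectl create namespace "${CHE_SERVER_NAMESPACE}"

  MINIKUBE_DOMAIN="${MINIKUBE_DOMAIN:-$(minikube -p "${MINIKUBE_PROFILE}" ip).nip.io}"

  # Resolve the certificate folder from the current user's home rather than
  # a hard-coded /Users/<name> path, matching where the other functions
  # read the mkcert output.
  cert_dir=~/minikube-certs

  # Create the che-trusted-ca-bundle configmap. Only certificates belong in
  # it; the matching *-key.pem files must stay out.
  kubectl create configmap "${CA_BUNDLE}" \
    --namespace="${CHE_SERVER_NAMESPACE}" \
    --from-file="${CA_CERT_PATH}" \
    --from-file="${cert_dir}/_wildcard.${MINIKUBE_DOMAIN}.pem"
  kubectl label configmap "${CA_BUNDLE}" \
    app.kubernetes.io/part-of=che.eclipse.org \
    app.kubernetes.io/component=ca-bundle \
    --namespace="${CHE_SERVER_NAMESPACE}"
}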
#######################################
# Update chectl to the "next" channel and deploy Che on minikube with the
# CheCluster patch file, then remove that file.
# Globals:   CHE_SERVER_NAMESPACE, CHE_WORKSPACE_ENGINE,
#            CHE_OPERATOR_PATCH (read)
# Returns:   non-zero if chectl fails
#######################################
deploy_nightly_multi_host_che() {
  # Options for "chectl server:deploy", one per line for readability.
  local -a deploy_args=(
    --telemetry=on
    -p minikube
    -n "${CHE_SERVER_NAMESPACE}"
    --workspace-engine="${CHE_WORKSPACE_ENGINE}"
    --che-operator-cr-patch-yaml "${CHE_OPERATOR_PATCH}"
  )

  # Update chectl
  chectl update next

  chectl server:deploy "${deploy_args[@]}"

  # The patch file is only needed while the deploy command runs.
  rm -f "${CHE_OPERATOR_PATCH}"
}
# Entry point: check prerequisites, provision minikube, install the trusted
# certificate on the ingress controller, then deploy Che.
main() {
  prereq_check
  provision_minikube
  # Temporary workaround until #18957 gets fixed
  # (even that got broken: #19052).
  patch_nginx_to_use_trusted_cert
  deploy_nightly_multi_host_che
}

main "$@"
# create_custom_che_tls_secret
# create_che_ca_bundle_cm
# echo ""
# echo ""
# echo "To manually add Che self-signed CA cert to the system keychain run:"
# echo " CHE_CA_CRT=<path to cheCA.crt>"
# echo " sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ${CHE_CA_CRT}"
# echo ""